Frequently Asked Questions

Airbitz Wallet (User)

No, neither Airbitz nor any third party can access the private keys, or even the public addresses and transactional metadata, of any user. Private and public keys are generated on the user’s device and encrypted using THEIR login/password (Airbitz has no ability to decrypt the data). The encrypted data is then stored on their device and backed up to peer-to-peer cloud servers with a very high level of redundancy. Users can access their funds from any compatible iPhone or Android device using the Airbitz mobile app and the same login & password.

No problem. Just download Airbitz onto a new iPhone or Android device, use the same login & password, and you’ll have full access to your account, wallets, and funds.

You can even use the same account login & password on multiple devices concurrently. New transactions on one device automatically sync up with other devices.

Using the same login & password will download all encrypted account & wallet information onto the new device and decrypt it using that same login & password. Airbitz *feels* like mobile banking except that it implements Bitcoin’s core values of decentralization, privacy, and financial autonomy at heart.

The Airbitz wallet can still send and receive bitcoin even without Airbitz servers. PIN-based logins will not work, but you can still log in using the full username & password on any device that has been logged into before. From there, funds can be sent out to another wallet by using the normal Send functionality within the app. Sending funds utilizes several 3rd party bitcoin server nodes, in addition to Airbitz servers, so you can feel assured that your funds will not be locked up if Airbitz goes away.

The login and password provide two critical pieces of the Airbitz security model: encryption and backup.

1. They are the source of the encryption key used to encrypt private keys and user data before it is stored or backed up. This encryption key is therefore owned only by the user, not Airbitz. Airbitz has no ability to decrypt user data or spend users’ funds.
2. They are the credentials used to obtain your encrypted data on multiple devices should you need access on multiple devices or if a phone is lost or stolen.

Even though a login & password might *feel* like you are connecting to a hosted service, in reality, the Airbitz wallet can *login* locally on your device without access to the network. This *offline* login simply decrypts the data already on your device.

This is one key aspect of the strong decentralized architecture of Airbitz. Airbitz servers are not actually required to Send funds from a wallet, because the wallet accesses the bitcoin network directly without the need of any Airbitz infrastructure. Should Airbitz ever completely shut down, users will still be able to send out their funds using this functionality.

The Airbitz application requests access to the device contact list, location, and personal information. This information is used on the device to provide an improved user experience in the following ways:

1. Autocomplete contacts from the user’s address book after a transaction
2. Autocomplete contacts from the user’s address book to send Email or SMS payment requests
3. Autocomplete business listings names after a transaction
4. Geolocate user’s device to find nearby businesses

No personal info or contact list info ever leaves the device without first being encrypted by the user’s credentials (username/password). Neither Airbitz nor any 3rd party has knowledge of the information accessed by the application.

On iPhone & iPad devices, users can deny these permissions and still use the Airbitz wallet with reduced functionality.

Developers can verify our privacy model through our open source code at github.com/Airbitz

2-Factor Authentication (2FA) is a key security feature for online accounts that has been largely neglected due to the difficulty and tedious nature of its operation. 2FA refers to the two factors required to authenticate with an online service. One factor is typically something a user knows, such as a login and password. A second factor is something a user has, such as a mobile device with an app such as Google Authenticator or Authy. This second factor prevents unauthorized access to an account by an attacker that has the correct username and password, but does not have the user’s device.

We’ve accomplished this simplicity by basically merging the functionality of Google Authenticator into Airbitz. Upon enabling 2FA, the Airbitz app will share a random token with the Airbitz servers. Instead of copying and pasting a 6-digit PIN every time you want to log in, Airbitz will simply generate a one-time-use password from the shared token, and send it with each server interaction. This effectively ties your account to your current device.

Should the user lose their device, they can still attempt a login using another device and request a 2FA reset. The reset takes 7 days, during which a notification is sent to the user’s device to prevent a fraudulent reset. This leaves one question: why aren’t you using two factor authentication for all of your online services?

We’d recommend creating an account specifically for your business. Then you can use that same username & password combination to log in to additional devices for use by the staff. On the devices to be used by staff, set the daily spending limit to zero (or some small amount to allow refunds).

Go to Settings -> Spending Limits. Enable Daily Spending Limits.

You can then give your staff the device and the PIN, which can be used to log in to the device. An attempt to spend above the daily limit will require the full password, which you keep to yourself.

In addition, we’d recommend enabling Merchant Mode which returns the user back to the Payment Request screen immediately after full payment is received. Note that if a customer only partially pays the requested amount, the warning will show and the QR code will change to request the remaining balance.

And of course, let us know when you’ve fully trained your staff to accept bitcoin, and we can add them to our integrated merchant directory. Just visit airbitz.co/go/submit-business/ to be added.

Bitcoins can be purchased in the United States and Canada via Glidera within the app by linking your bank account. Alternatively, you can also purchase bitcoins in person with a local trader. Check out Localbitcoins or Paxful to find a trader in your area.

Airbitz wants access to camera and photos so that it can be used to scan QR codes. Contact access is needed so that Airbitz can tag information regarding your transactions. The tagged information is kept 100% private and encrypted by your password. No one, including Airbitz, has any access to this information.

Starting with release 1.8.5, users now have the ability to delete wallets. Simply go to “Wallets” on the slide out menu and select the wallet you want to delete. For Apple devices, press and hold the wallet until the pop up appears, then select “Delete”, or if on Android click the three dotted button on the right hand side and select “Delete” from the menu. You can’t delete a wallet that still has funds in it and will be prevented from deleting if transactions are pending or there is bitcoin left in it. The ability to archive wallets is still available.

While we do plan on having business listings for every country, we are only able to release a handful of countries periodically since the listings are hand curated by our curators. If you feel that your country is booming with bitcoin businesses, email us and let us know and we might just start working on your country next!

Airbitz does not store any user data, so we would not be able to recover your password should it be forgotten. However, if recovery questions are set, you can still recover your account by answering the security questions, which will let you create a new password if answered correctly. Here are the current methods for recovering a password:

Recovery Questions – If recovery questions were set, you can answer the security questions to change your password to a new one

PIN Login – If you were previously logged into your account and had PIN turned on but did not remember the password, you can still access your account via PIN Login. You can then transfer the funds to a new account or another wallet from there

www.walletrecoveryservices.com/ – Wallet Recovery Services is a service we recommend where they will attempt to recover your account if you partially know your password for a small fee

Wallet Private Seed – If you have the Wallet Private Seed saved or stored somewhere, you can also recover your funds from your account by entering it at https://airbitz.co/recovery/

We cannot delete Airbitz accounts but, as users may already notice, we store zero information, so no Airbitz account is tied to a real identity. However, users whose personal information is held through Glidera, Clevercoin, or other exchanges can have those accounts erased by contacting support@glidera.io or support@clevercoin.com. Once removed, their Airbitz account will no longer be connected to Glidera/Clevercoin. An Airbitz account is still not tied to any real identity, which is just as good as being deleted.

Bitcoin transaction fees are primarily determined by two main factors: the amount of congestion and traffic on the bitcoin network, and the size of the transaction in bytes of data.

The bitcoin network has a limited number of transactions it can process per minute. As the demand for transaction space increases, the required fees to get a transaction processed quickly increase along with it. Bitcoin nodes give an estimated fee to get a transaction confirmed within an estimated period of time. This fee is expressed as an amount of bitcoin per byte of data. The fees are NOT dependent on the amount of bitcoin you are sending. None of these fees go to Airbitz; they go to the public bitcoin network as payment for securing and validating transactions.

As a normal user, you do not see how large your transaction is in bytes of data but only in amount of bitcoin sent. The typical transaction size is approximately 230 bytes of data which at the time of this writing would cost about $0.35 USD (Mar 2017). However, this is greatly affected by the number of “inputs” required to spend your funds. “Inputs” are previous transactions that went into your wallet. The more “inputs” needed to fulfill your spend, the larger your transaction will be in bytes of data.

For example, if you received 20 $1 deposits into your wallet and then went to spend $15, it would require 15 inputs of $1 each. Each input increases the data requirements of your transaction and therefore the fees required to spend the funds. If you received 2 $10 deposits into your wallet instead, it would only require 2 inputs to spend your funds and would therefore be much cheaper.

Note that due to the rising costs of bitcoin mining fees, it may cost more to include an input than the value of the input itself. For example, if you received a $0.10 deposit into your wallet, but it costs $0.25 to include that deposit in an outgoing spend, then the $0.10 deposit becomes un-spendable since it costs too much to include in an outgoing transaction.

Users experiencing large fees have usually received many small deposits into their wallet, usually worth less than a few US dollars each. This is common with some mining pool payouts. We suggest switching to a service that aggregates transactions into a single large transaction that encompasses a longer period of time.

If you feel that the documents you are uploading are correct but they are not being approved, it could be due to the automated system. We suggest that you contact support@glidera.io and attach those documents so that they can manually review and verify your documents.

If you sent funds and they are confirmed on the blockchain, it is likely not an issue with Airbitz but rather the detection system of the other party. The other party could be having issues where they are failing to see broadcast transactions even though they successfully went through. We suggest taking a screenshot of the Transaction ID and contacting the other party’s support and showing them the Transaction ID. The Transaction ID is basically proof that you sent money and it shows the confirmations.

The mining fee can be adjusted by tapping on the mining fee. A popup will appear where you can select Low, Standard, or High. Depending on the size of the transaction, the fee can noticeably increase or decrease. A higher mining fee will result in quicker confirmation times, while a low mining fee will make the transaction take longer than usual to confirm.

If the transaction ID is confirmed, it is likely there is an issue with the website or other wallet that your bitcoin was sent to. You will need to contact them so that they can investigate why the funds are not being shown. A transaction ID with confirmations is essentially a receipt or a proof of payment.

To check if your Transaction was confirmed on the blockchain go to https://blockexplorer.com/ and type in your Transaction ID.

*The transaction ID in the Airbitz wallet can be found by tapping on a specific transaction which will show you transaction details for that specific transaction. Next you tap on the “Advanced” button and your transaction ID will be at the top of the screen that pops up.

Airbitz does not have access to accounts or maintain any information about its users. During the account creation process, Airbitz never asks your name, phone number, email or any personal information that ties your identity to an account. There are also multiple warnings that the password is known only to you and that Airbitz cannot see or reset it.

If you still have access into the account through either the 4 Digit PIN or Fingerprint, you will be able to reset the password. This only works if Airbitz was not uninstalled or deleted.

To initiate the password reset, please log out and log into your account multiple times until a password reminder popup shows which will allow you to reset the password.

If the Recovery Questions were set up before losing access to your account, initiate the Recovery by searching for the Recovery Token that you emailed yourself. The token is not emailed from Airbitz but from your own email account.

Tap on the link in the email and answer the 2 questions you previously set up. The answers are case sensitive.

Once answered successfully you will be able to change your password.

If you do not remember your username or password, and you no longer have PIN access, fingerprint access, or recovery questions, Airbitz will not be able to reset your password, as all data is securely encrypted. We suggest creating a spreadsheet and systematically trying every password you can think of until you regain access to your account.

If you would like to request a specific amount, you can enter that now. Otherwise, you can skip ahead to the next step.

Press the big “Next” button.

The app will display a QR code. Anybody who scans this QR code can send you Bitcoins. You can also use the buttons below to email or SMS the request to another person.

On iPhone 4S or above, if Bluetooth is enabled on both sending and receiving phones, another user can send bitcoin by ‘scanning’ the Bluetooth request from up to 30 feet away. Verify the first 10 digits of the address on the QR code screen with the address on the Sender’s screen to ensure they are sending to the correct user.

The Airbitz wallet uses Bluetooth Low Energy (BLE) to transmit the requesting user’s public address and requested amount over the air in replacement of displaying a QR code. This is currently compatible only on iPhone 4S and above using iOS versions 7.0 and higher.

The requesting wallet transmits the first 10 digits of the public address and the optional name/handle of the user. The sender will detect the name and display it in a list of other requests on the Send screen. Should more than one request have the same name/handle, the request will be highlighted in orange as a warning for the user to double check the address prefix before sending funds.

The sending user need only tap on the request, and they are brought to the Send Confirmation screen where they can change the amount and send off the bitcoin transaction.

Airbitz made a conscious decision to restrict our wallet to native mobile applications. Website infrastructures are notoriously difficult to secure as there are many different attack vectors allowing hackers access to users’ credentials.

Note that with the exception of keyboard or screen loggers, Airbitz is not susceptible to any of the above attacks. Fully compromised Airbitz servers or even the network around a user’s device does NOT give an attacker any access to user data or funds. We have carefully designed the client-server architecture with this in mind as we know Bitcoin security is a paramount concern and is critical in achieving mass adoption.

Airbitz Wallet (Technical)

No, neither Airbitz nor any third party can access the private keys, or even the public addresses and transactional metadata, of any user. Private and public keys are generated on the user’s device and encrypted using THEIR login/password (Airbitz has no ability to decrypt the data). The encrypted data is then stored on their device and backed up to peer-to-peer cloud servers with a very high level of redundancy. Users can access their funds from any compatible iPhone or Android device using the Airbitz mobile app and the same login & password.

2-Factor Authentication (2FA) is a key security feature for online accounts that has been largely neglected due to the difficulty and tedious nature of its operation. 2FA refers to the two factors required to authenticate with an online service. One factor is typically something a user knows, such as a login and password. A second factor is something a user has, such as a mobile device with an app such as Google Authenticator or Authy. This second factor prevents unauthorized access to an account by an attacker that has the correct username and password, but does not have the user’s device.

We’ve accomplished this simplicity by basically merging the functionality of Google Authenticator into Airbitz. Upon enabling 2FA, the Airbitz app will share a random token with the Airbitz servers. Instead of copying and pasting a 6-digit PIN every time you want to log in, Airbitz will simply generate a one-time-use password from the shared token, and send it with each server interaction. This effectively ties your account to your current device.

Should the user lose their device, they can still attempt a login using another device and request a 2FA reset. The reset takes 7 days, during which a notification is sent to the user’s device to prevent a fraudulent reset. This leaves one question: why aren’t you using two factor authentication for all of your online services?
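The shared-token scheme described above can be sketched as follows. This is an added example, not Airbitz code: it assumes the one-time password is an RFC 6238 time-based code (the algorithm Google Authenticator uses), and the Server class, account names and drift window are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default; assumed here)


def totp(token: bytes, unix_time: int, digits: int = 6) -> str:
    """One-time password derived from the shared token and the current time."""
    counter = max(0, unix_time) // STEP
    mac = hmac.new(token, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Server:
    """Hypothetical server side: stores the token shared when 2FA is enabled."""

    def __init__(self):
        self.tokens = {}  # account name -> shared token

    def enable_2fa(self, account: str, token: bytes) -> None:
        self.tokens[account] = token

    def authorize(self, account, password_ok, otp, now, drift_steps=1) -> bool:
        """Accept a request only if the password check passed AND the request
        carries a code that only the enrolled device could have produced."""
        if not password_ok:
            return False
        token = self.tokens.get(account)
        if token is None:
            return True  # 2FA not enabled for this account
        if otp is None:
            return False  # right password, but no enrolled device behind it
        for k in range(-drift_steps, drift_steps + 1):
            expected = totp(token, now + k * STEP)
            if hmac.compare_digest(expected, otp):
                return True
        return False


if __name__ == "__main__":
    server = Server()
    device_token = b"constructed-sample-token"  # constructed sample value
    server.enable_2fa("alice", device_token)
    now = 1_489_449_600
    # Enrolled device: the app attaches the code to the request automatically.
    print(server.authorize("alice", True, totp(device_token, now), now))
    # Another device with the stolen username and password but no token.
    print(server.authorize("alice", True, None, now))
```

Because the app computes the code itself on every request, the user never types it, yet a login from a device that lacks the token fails even with the correct password.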

Mining fees have historically been determined by the amount of traffic on the network. These fees can change depending on how much volume the network is experiencing and the exchange rate. As they change so do the recommended fees set by our app. Our app determines the recommended mining fee by looking at multiple factors to reduce the cost to the user.

The app’s recommended fee is dynamic, based on the network’s recommended fee and on the amount of bitcoin the user wants to send.

Since bitcoin transaction fees are based on the size of the transaction in bytes of data, the primary fee calculation that needs to be made is to determine the fee per byte, usually expressed as satoshis per byte.

We start by querying several public bitcoin nodes and retrieving their estimated fee/byte for getting a confirmation. The nodes return estimated fee amounts based on the number of blocks for a confirmation. We record the amounts for confirmation in 1 through 7 blocks. Fees are higher for confirmation in 1 block vs 7 blocks with ranging fees in between.

Airbitz defaults to a “Standard” fee setting which targets a confirmation between 2 to 5 blocks. The wallet chooses between the 2 through 5 block fee estimate based on the amount of bitcoin the user is trying to send. Higher amounts will send fees closer to the 2 block estimate, smaller amounts will send fees closer to the 5 block estimate. This is an attempt at lowering fees for smaller value transactions. As of this writing (2017-03-14) the current network fee estimates were as follows:

To determine the fee estimate for the Standard setting, we start by taking the amount the user wants to spend in satoshis and multiply it by .001%. The value is then restricted between the parameters of the estimated fee for 2 blocks and 5 blocks.

250 is greater than the 2 block fee estimate of 220 sat/byte so 220 sat/byte is used.

If a user wanted to send 0.17 BTC = 17,000,000 satoshi * .001% = 170

170 is in between the 2 block estimate of 220 sat/byte and the 5 block estimate of 162 sat/byte so 170 sat/byte is used

If the user sets a “High” fee setting, Airbitz will use the 1 block fee estimate. If the user sets a “Low” fee setting, Airbitz will use the 7 block fee estimate.

The final fee is calculated by multiplying the size of the transaction in bytes by the fee estimate. Most transactions are approximately 230 bytes so given a fee estimate of 170 sat/byte, the final fee would be 39100 sat = 0.391 mBits = .000391 BTC or approximately $0.50 at an exchange rate of $1250/BTC. Note that many transactions may end up being much larger than 230 bytes. See this FAQ for details
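The Standard-fee rule above, together with the effect of input count on transaction size described in the user FAQ, as an added example that is not Airbitz code. The 220 and 162 sat/byte estimates are the page's figures; the 148/34/10 byte size approximation for legacy transactions and all function names are assumptions of this sketch.

```python
EST_2_BLOCK = 220  # sat/byte, 2 block estimate quoted on the page
EST_5_BLOCK = 162  # sat/byte, 5 block estimate quoted on the page

# Common size approximation for a legacy (P2PKH) transaction; an assumption
# of this example, not a figure from the page.
BYTES_PER_INPUT = 148
BYTES_PER_OUTPUT = 34
BYTES_OVERHEAD = 10


def standard_rate(amount_sat: int, est2: int = EST_2_BLOCK,
                  est5: int = EST_5_BLOCK) -> int:
    """Fee rate in sat/byte for the "Standard" setting.

    Takes .001% of the amount (amount / 100,000) and restricts it to the
    range between the 5 block and 2 block estimates.
    """
    raw = amount_sat // 100_000
    return max(est5, min(est2, raw))


def estimate_size(n_inputs: int, n_outputs: int = 2) -> int:
    """Approximate transaction size in bytes from its input/output counts."""
    return (BYTES_PER_INPUT * n_inputs
            + BYTES_PER_OUTPUT * n_outputs
            + BYTES_OVERHEAD)


def fee_sat(size_bytes: int, rate: int) -> int:
    """Final fee: size of the transaction in bytes times the fee estimate."""
    return size_bytes * rate


def uneconomical_inputs(values_sat, rate: int):
    """Inputs that cost at least as much to include as they are worth."""
    cost = BYTES_PER_INPUT * rate
    return [v for v in values_sat if v <= cost]


if __name__ == "__main__":
    for amount in (25_000_000, 17_000_000, 1_000_000):
        print(amount, "sat ->", standard_rate(amount), "sat/byte")
    rate = standard_rate(17_000_000)
    print("230 byte tx:", fee_sat(230, rate), "sat")
    # Same spend funded by 2 inputs versus 15 small inputs.
    for n in (2, 15):
        size = estimate_size(n)
        print(n, "inputs:", size, "bytes,", fee_sat(size, rate), "sat")
    # Constructed sample input values, in satoshi.
    print("uneconomical:", uneconomical_inputs([10_000, 500_000], rate))
```

With these figures, funding the same spend from 15 small inputs instead of 2 raises the estimated size from 374 to 2298 bytes, and the fee rises in proportion.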

The Airbitz mobile wallet is what is known as an HD (Hierarchical Deterministic) wallet. This means we switch up receiving addresses for you every time you want to receive some bitcoin. Imagine having an unlimited number of email addresses that all go to you. This helps protect your privacy, which we take very seriously.

And yes, you can reuse addresses an unlimited number of times but by default they will automatically change after each use.

No! Our 2FA is different from others and more secure in that only that specific device can log in to that account, and no other device can log in to your account even if the username and password are compromised.

Airbitz uses AES256 for encryption and the keys are generated from the user’s login + password. The login & password are combined then hashed using Scrypt with a minimum set of (N,r,p) parameters of (16384,1,1), which is many orders of magnitude stronger than most other wallets, especially web wallets, which typically only use a SHA hash with a few thousand rounds. Scrypt is way more memory and CPU intensive per round.

The minimum parameters of (16384,8,1) are only on slow iPhone 4 or old Android devices. On faster phones the parameters can go as high as (128000,8,1) which are extremely difficult to brute force.

Also note that no Scrypt ASIC miners can hash Airbitz passwords as ASIC miners only use parameters (1024,1,1).
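The key derivation described above can be sketched with Python's standard library. This is an added example, not Airbitz code: how login and password are combined, the salt handling and the key-check tag used for the offline login are assumptions, and the AES-256 step is left out because the standard library has no AES.

```python
import hashlib
import hmac
import os

# (N, r, p) parameter sets quoted on the page.
AIRBITZ_MIN = (16384, 8, 1)
ASIC_MINER = (1024, 1, 1)


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of scrypt's main working array: 128 * N * r bytes per guess."""
    return 128 * n * r


def derive_key(login: str, password: str, salt: bytes,
               params=AIRBITZ_MIN) -> bytes:
    """Derive a 32-byte key (the AES-256 key size) from login + password.

    Assumption: the two strings are joined with a NUL separator; the page
    only says they are "combined".
    """
    n, r, p = params
    secret = login.encode("utf-8") + b"\x00" + password.encode("utf-8")
    return hashlib.scrypt(secret, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=32)


def make_check_tag(key: bytes) -> bytes:
    """Tag kept on the device so a login can be checked without a server
    (illustrative mechanism, not taken from the page)."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def offline_login(login, password, salt, stored_tag, params=AIRBITZ_MIN):
    """Re-derive the key locally; return it only if it matches the tag."""
    key = derive_key(login, password, salt, params)
    if hmac.compare_digest(make_check_tag(key), stored_tag):
        return key
    return None


if __name__ == "__main__":
    salt = os.urandom(32)  # assumed: random salt stored beside the data
    key = derive_key("alice", "correct horse battery", salt)
    tag = make_check_tag(key)
    print("right password:",
          offline_login("alice", "correct horse battery", salt, tag) == key)
    print("wrong password:",
          offline_login("alice", "guess123", salt, tag))
    for name, (n, r, p) in (("Airbitz minimum", AIRBITZ_MIN),
                            ("ASIC miner", ASIC_MINER)):
        print(name, scrypt_memory_bytes(n, r) // 1024, "KiB per guess")
```

The memory figures show why hardware built for (1024,1,1) does not help here: each guess at (16384,8,1) needs 16 MiB of working memory instead of 128 KiB.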

Random number generation is a critical aspect to cryptography, and Airbitz utilizes several sources of entropy to provide randomness. First is the operating system random number generator. Airbitz calls directly into the core of the OS, bypassing potential issues with libraries such as those present in an earlier version of the Java library. Entropy is also added from various system sources such as free memory, time/date, and file system info. This combination protects from a compromise of any one of the entropy sources.

Users’ private keys are created and stored on the users’ local device, encrypted at all times. Upon account and wallet creation, private keys are encrypted and backed up to our peer-to-peer, high redundancy backup servers. The location of the encrypted data for any specific account is only known by the client application on the user’s device. Not even Airbitz can determine the exact file storage of any specific user’s data.

Airbitz made a conscious decision to restrict our wallet to native mobile applications. Website infrastructures are notoriously difficult to secure as there are many different attack vectors allowing hackers access to users’ credentials.

Note that with the exception of keyboard or screen loggers, Airbitz is not susceptible to any of the above attacks. Fully compromised Airbitz servers or even the network around a user’s device does NOT give an attacker any access to user data or funds. We have carefully designed the client-server architecture with this in mind as we know Bitcoin security is a paramount concern and is critical in achieving mass adoption.

Airbitz Server Components (Technical)

Airbitz made a conscious decision to restrict our wallet to native mobile applications. Website infrastructures are notoriously difficult to secure as there are many different attack vectors allowing hackers access to users’ credentials.

Note that with the exception of keyboard or screen loggers, Airbitz is not susceptible to any of the above attacks. Fully compromised Airbitz servers or even the network around a user’s device does NOT give an attacker any access to user data or funds. We have carefully designed the client-server architecture with this in mind as we know Bitcoin security is a paramount concern and is critical in achieving mass adoption.